Aviva Intermediaries Privacy Policy


Aviva takes your privacy very seriously. Please read this Privacy Policy carefully as it contains important information about who we are and how and why we collect, store, use and share your Personal Information.  It also explains your rights in relation to your Personal Information and how to contact us or supervisory authorities in the event you have a question or concern.

We collect, use and are responsible for certain Personal Information about you. When we do so we are subject to data protection laws, including the UK General Data Protection Regulation, and we are a ‘controller’ of your Personal Information for the purposes of those laws.

This Privacy Policy applies whenever you interact with Aviva by email, in person, online or through one of our Intermediary Tools. A separate Aviva Privacy Policy governs the way in which Aviva collects and uses Personal Information relating to your Clients.



This Privacy Policy is intended to be read in conjunction with the Terms of Business which Aviva has entered into with your Intermediary Firm and any Terms and Conditions of Use that apply to Intermediary Tools that you use.  The relevant Aviva entity that is responsible for your Personal Information in accordance with this Privacy Policy (known as the ‘controller’) will be the Aviva group company that has entered into Terms of Business with your Intermediary Firm, the Aviva group company that provides the Intermediary Tool(s) that you use, and/or the Aviva group company that is responsible for any communications you receive (if these are different companies).

  • For information concerning Aviva please visit aviva.com
  • For a full list of the Aviva trading companies in the UK please see our list of Aviva companies
  • For full details as to how we collect and process your Clients’ personal information and their rights in relation to it, please visit review the Privacy Policy at aviva.co.uk.



In this Privacy Policy, the following words shall have the following meanings except where the context requires otherwise:

  • “Aviva”, “we”, “us”, “our” - means the Aviva group company that is responsible for your Personal Information in accordance with this Privacy Policy.
  • “Clients” - means the end clients who you act for as an Aviva intermediary.
  • “Intermediary Firm” - means a firm acting as an adviser, broker and/or healthcare intermediary capacity.
  • “Intermediary Tools” - means tools and resources that Aviva makes available for use by Intermediary Firms when conducting business with Aviva, including the Aviva Connect website and APC Online.
  • “Personal Information” - means any information relating to an identified or identifiable individual.
  • Terms of Business” - means the contract between your Intermediary Firm and Aviva governing their role as an intermediary for Aviva products and services.
  • “you”, “your” - an individual who is employed by, works for, manages or owns an Intermediary Firm which conducts business with Aviva.


Personal Information we collect about you

We may collect and use the following Personal Information about you:

  • Basic personal details such as your name, address, email address, telephone number and postcode;
  • Account registration details, such as username and password;
  • Information about the Intermediary Firm you work for and your role within the firm, including the firm name, firm size, your firm role and FCA number;
  • Information about your marketing preferences;
  • If you are a director or partner of your Intermediary Firm, we may need to check and verify your identity and will collect information about your date of birth, National Insurance Number and current and previous three years’ addresses together with performing credit or other financial checks on you;
  • Transactions you have completed and quotations you have requested;
  • Information about how you use and interact with the Intermediary Tools, Aviva’s websites, communications you receive from Aviva and other systems;
  • Your responses to surveys, competitions and promotions;
  • Information about continued professional development activity that you complete with Aviva.

This Personal Information is required to provide products and/or services to you in your capacity as an intermediary for Aviva.  If you do not provide Personal Information we ask for, it may delay or prevent us from providing these products and/or services to you.


How your Personal Information is collected

We collect Personal Information about you when you or your Intermediary Firm does business with us, including dealings we have with you through a number of channels, such as:

  • If you create an online user account or use the Intermediary Tools;
  • If you participate in any surveys, competitions or promotions;
  • If you record continued professional development activity with us;
  • If you take part in activities for the Aviva Community Fund;
  • If you contact or communicate with us by telephone, mail, email, text, via an Intermediary Tool or in person;
  • From cookies on our websites and Intermediary Tools (for more information on our use of cookies, please see our Cookie Policy);
  • Via our IT systems, e.g. automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems.


Use of third-party information

We may obtain information about your Intermediary Firm and your Clients from our third-party suppliers and databases (including, for example, Diligenta, FNZ, Capita, iPipeline and Acturis). We also use commercial property websites and government websites that assist with marketing insights, pricing research, product development and business strategy and to help us detect and prevent fraudulent activity (including, for example, third party sanction screening providers and credit reference agencies). This includes publicly available information for example from the FCA and Companies House.

We may receive your Personal Information from insurance brokers, financial advisers, our business partners or other third parties who introduce you to us. We may also gain information from other third parties with your consent, e.g. your bank.


How and why we use your Personal Information

Under data protection law, we can only use your Personal Information if we have identified a legal basis for doing so, such as:

  • to comply with our legal obligations;
  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • for our legitimate interests or those of a third party; or
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The sections below explain what we use (process) your Personal Information for, our reasons and legal basis for doing so:

1.  To allow you and your Intermediary Firm to do business with us - we will use your Personal Information to:

  • set up an account with us;
  • maintain that account;
  • allow you to access and make use of the Intermediary Tools;
  • administer and manage products that your Clients have with us; and
  • manage queries and complaints which may involve you, your Intermediary Firm or your Clients;

We use Personal information for the purposes outlined in this paragraph 1 to support the legitimate interests of our business as an insurer, and also to perform our contract to provide your Intermediary Firm with products and services in accordance with the Terms of Business we have in place and in the interests of providing an efficient service to you, your firm and your Clients. 

2.  To market our products and services and make improvements to our operations:

  • we will use your Personal Information to keep you informed about our products and services that we think will be of interest to your Clients, consistent with your marketing preferences. We explain more about this in our section on Marketing;
  • we will also use your Personal Information for research and statistical purposes to analyse how you use our websites and Intermediary Tools so we can improve our understanding of your needs and enhance our products and services.

We use Personal Information for the purposes outlined in this paragraph 2 for our legitimate interests or those of a third party, to promote our business and to be as efficient as we can so we can deliver the best service for you.

3.  To meet responsibilities we have to our regulators, tax officials, law enforcement and other similar bodies:

  • if you are a director or partner of your Intermediary Firm, we will carry out appropriate verification and credit checks. We use Personal Information for these purposes to comply with requirements we have under financial conduct rules and laws relating to anti-money laundering and financial crime and to prevent and detect fraud (see our section on Fraud Prevention and Detection for more information);
  • gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies;
  • carry out necessary background checks to make sure you and your Intermediary Firm are legitimate persons to do business with in accordance with our Terms of Business (we explain more about this in our section on Fraud Prevention and Detection);
  • preventing unauthorised access and modifications to systems and Intermediary Tools; and
  • ensuring the confidentiality of commercially sensitive information.

We use Personal Information for the purposes outlined in this paragraph 3 to meet our legal obligations and for our legitimate interests or those of a third party, to prevent and detect criminal activity that could be damaging for us and for you.

4.  In connection with the purchase, sale, transfer or disposition of any part of our business.

We use Personal Information for the purposes outlined in this paragraph 4 for our legitimate interests or those of a third party and to promote our business.

If you would like to know more about any of the legal reasons or legitimate interests that apply to a particular way in which we use Personal Information you can contact us at any time.


Who we share your Personal Information with

If you request a quote or purchase a product or service on behalf of your Client, information about you and your Intermediary Firm may be shared with and processed by our third-party administrators and service providers who help us to facilitate the administration of our business. For example, Diligenta, FNZ, Capita, iPipeline, Acturis and Salesforce are some of our third-party IT providers that we share Personal Information with.  If you require any further information, please contact us. For further details regarding how we share information related to our products and services on behalf of your Clients, please visit our Privacy Policy at aviva.co.uk.

We may also share Personal Information about you with:

  • our regulators and law enforcement as necessary for purposes of Fraud Prevention and Detection;
  • online or digital partners we work with so we can communicate with you through their platforms;
  • other third-party systems providers whose systems you request access to as part of your online account registration with us;
  • your Clients if they have queries about the services between you, them and us;
  • Aviva group companies;
  • other insurers, insurance brokers, intermediaries, financial advisers and our business partners;
  • third parties we use to help deliver our products and services to you, e.g. payment service providers;
  • other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
  • third parties approved by you, e.g. social media sites you choose to link your account to or third-party payment providers;
  • credit reference agencies; and
  • our banking partners.

We only allow our service providers to handle your Personal Information if we are satisfied that they take appropriate measures to protect your Personal Information. We may also share Personal Information with external auditors.

We may also need to share some Personal Information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, Personal Information will be anonymised, but this may not always be possible. The recipient of the Personal Information will be bound by confidentiality obligations.


Marketing communications

We may use your Personal Information to send you updates (by email, text message, telephone, post or on social media) about our products and services, including promotions and new products and services. We may also display marketing to you on our websites and Intermediary Tools.

We have a legitimate interest in processing your Personal Information for marketing purposes (see the section above on How and why we use your Personal Information) and you can always unsubscribe at any time.

You have control over our use of your Personal Information for marketing purposes. You can change your marketing preferences at any time either within the profile settings of your online account or by emailing us at DATAPRT@aviva.com.  And you can always ‘opt out’ of receiving email marketing by using the unsubscribe links you will find in our marketing emails. 

Cookies and other technologies

We rely on third-party advertising technology (such as the deployment of cookies or small text files on our websites and Intermediary Tools) to collect information about you.  This technology is used to optimise what you may see on our websites and Intermediary Tools and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.

For further information about cookies and other technologies and how to manage them, please see our Cookie Policy.

Social media and online platforms

We share Personal Information with media agencies and social media and other online platforms to help us target our online marketing.  Social media and other online platforms may also use Personal Information they hold and combine it with Personal Information received from us to create target audiences.  These are audiences that we think would be interested in our online advertising.  This may involve social media and other online platforms building a ‘lookalike’ profile of the type of person we are trying to target and providing specific adverts to those people when they browse the internet or use social media.

Marketing profiles

We use automated processes to help us provide more personalised marketing of our products. To do this, our automated process creates a marketing profile for you using Personal Information such as:

  • identification data;
  • contact data;
  • data about your Intermediary Firm;
  • behavioural data (e.g. data relating to your use of our websites); and
  • data about your trading activities on our Intermediary Tools.

Our process analyses this data to determine the most relevant products, services, offers or benefits to offer to you and to decide the appropriate time and channel for offering them to you.

Promotions and competitions

We occasionally run promotions and competitions for our Intermediary Firms.  Our communications to you about these promotions and competitions before you enter them are marketing.  If you opt out of direct marketing, you will not receive communications about promotions and competitions.

We may use your Personal Information to select you as a winner, inform you of promotion and competition outcomes and send prizes to your nominated address.  We may use third party fulfilment partners to assist us in administering promotions and competitions, including contacting you on our behalf.  In accordance with the rules of the Advertising Standards Authority, we may publish or make publicly available information that indicates that a valid award has taken place.  If we do this, only your surname, country and, if applicable, your winning entry, will be published.  You have the right to object to this use of your Personal Information.

Important note on your responsibilities when handling Client Personal Information

Your Intermediary Firm is responsible for the lawful collection of Personal Information relating to any Clients with whom you do business. This includes collection and use of Personal Information about your Clients and any third parties whose details we may need to prepare a policy or personalised quote at your request. Your Intermediary Firm must, at all times, have your Client’s authority to share their Personal Information with us and it is your firm’s responsibility to ensure your Clients are provided with fair processing notices which explain our arrangements to them and secure any necessary consents or other legal basis that may be required to allow their Personal Information to be shared with us.

Your Intermediary Firm is expected to not act in any way in relation to your handling of Client’s Personal Information which might reasonably damage the reputation or goodwill of Aviva or its relationship with its Clients. Your firm must provide to us all information in your possession concerning any unauthorised or accidental disclosure of, or access to, the Personal Information of your Clients, including as a result of any unauthorised access to the Intermediary Tools.


Fraud prevention and detection

In order to prevent and detect fraud we may at any time:

  • share information about you with other organisations and public bodies including the Police;
  • undertake credit searches and additional fraud searches;
  • check and/or file your details with fraud prevention agencies and databases and, if you give us false or inaccurate information and we suspect fraud, we will record this to prevent fraud and money laundering.

We can supply on request further details of the agencies and databases we access or contribute to and how this information may be used. If you require further details, contact us at: 

Policy Investigation Unit, Policy Investigation Unit, Po Box 121, Surrey Street, Norwich, NR1 3ZH

Telephone: 0345 300 0597

Email: PIUUKDI@aviva.com

We and other organisations may also receive information from these agencies and databases to:

  • help make decisions about the provision and administration of insurance, credit and related services;
  • trace debtors or beneficiaries, recover debt or prevent fraud;
  • check your identity to prevent money laundering, unless you furnish us with other satisfactory proof of identity.

Any requests for information we receive from law enforcement or regulators will be carefully validated before Personal Information is disclosed. 


International data transfers

Information may be held at our offices and those of our Aviva group companies, third party agencies, service providers, representatives and agents as described above (see above section on Who we share your Personal Information with).

Sometimes we, or third parties acting on our behalf, may need to transfer Personal Information outside of the UK. We’ll always take steps to ensure that any transfer of Personal Information outside the UK is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. This might include transfers to countries that the UK considers will provide adequate levels of data protection for your Personal Information (such as countries in the European Economic Area) or putting contractual obligations in place with the party we are sending information to. Transfers within the Aviva group will be covered by an agreement entered into by members of the Aviva group (an intra-group agreement) which contractually obliges each group company to ensure that your Personal Information receives an adequate and consistent level of protection wherever it is transferred within the group.

For more information about data transfers and the safeguards we have put in place, please contact us.

How long your personal information will be kept

We will keep your Personal Information while your Intermediary Firm has Terms of Business with Aviva or we are providing products and/or services to you.  Thereafter, we will keep your Personal Information for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly; and
  • to keep records required by law.

We will not retain your Personal Information for longer than necessary for the purposes set out in this Privacy Policy.  Different retention periods apply for different types of Personal Information. We maintain a data retention policy which we apply to the records we hold.

We may also retain Personal Information in an aggregated form which allows us to continue to develop and improve our products and services.

When it is no longer necessary to retain your Personal Information, we will delete or anonymise it.


Your rights

You have legal rights under data protection laws in relation to your Personal Information. 

  • Access to your Personal Information
  • Withdrawing consent
  • Rectification of your Personal Information
  • Erasing your Personal Information
  • Restricting our use of your Personal Information
  • Objecting to our use of your Personal Information
  • Requesting transfer of your Personal Information
  • Objecting to automated decision-making and profiling

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we’re dealing with the right individual.

We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked. This is because your rights will not always apply, for example if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way.  We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide our product and services to you.

For further information about your rights or how to exercise them, please contact us.

Access to your Personal Information

You may ask us for a copy of your Personal Information together with specified details about how we use your information. This is commonly known as a ‘subject access request’.

If you wish to make a subject access request, please contact us.

If your request is made electronically, we will, where possible, respond to you electronically. Otherwise, we will normally respond in writing unless you request otherwise.

Withdrawing consent

Where we’ve asked for your consent to use your Personal Information, you’ll always have the right to withdraw such consent. Please contact us if you want to do this. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.

Rectification of your Personal Information

We do our best to ensure that your Personal Information is accurate and kept up to date. If you believe your information is inaccurate or incomplete, then please contact us to request that we amend or update it.

Erasing your Personal Information

You may ask us to erase your Personal Information, but this right only applies in certain circumstances, for example where:

  • it is no longer necessary for us to use your Personal Information for the original purpose; 
  • our lawful basis for using your Personal Information is consent and you withdraw your consent; or
  • our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your Personal Information if you object.

This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your Personal Information.

Restricting our use of your Personal Information

You may ask us to stop using your Personal Information in certain circumstances such as:

  • where you have contacted us about the accuracy of your Personal Information and we are checking the accuracy;
  • if you have objected to your Personal Information being used based on legitimate interests.

This isn’t an absolute right and we may not be able to comply with your request.

Objecting to our use of your Personal Information

You can object if you no longer wish to receive direct marketing from us. Please see our section on Marketing for further information.

You may also object where you have grounds relating to your particular situation and the lawful basis we rely on for using your Personal Information is our (or a third party's) legitimate interests. However, we may continue to use your Personal Information where there are compelling legitimate grounds to do so.

Requesting transfer of your Personal Information

In some cases, you can ask us to transfer Personal Information that you have provided to us to another third party of your choice. This right only applies where:

  • we have justified our use of your Personal Information based on your consent or the performance of a contract with you; and
  • our use of your Personal Information is by electronic means.

Objecting to automated decision making and profiling

You have the right not to be subject to a decision using your Personal Information which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. This right does not apply if the decision is:

  • necessary for the purposes of a contract between us and you;
  • authorised by law (e.g. to prevent fraud); or
  • based on your explicit consent.

You do however have a right to request human intervention, express your view and challenge the decision.


We have appropriate security measures in place to prevent Personal Information from being accidentally lost or used or accessed unlawfully. We limit access to your Personal Information to those who have a genuine business need to access it. Those processing your Personal Information will do so only in an authorised manner and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

You should also be aware that communications over the internet, such as emails, are not secure unless they have been encrypted. Our websites and Intermediary Tools may contain links to other Aviva Group and third-party websites. These other websites will be subject to their own privacy policies which may differ from this Privacy Policy. You should carefully read the privacy policies of these websites before submitting any Personal Information.


Contacting Aviva

If you have any questions about this Privacy Policy or how to exercise your rights, please contact our Data Protection Officer:

  • Write to: The Data Protection Team, Aviva, PO Box 7684, Pitheavlis, Perth PH2 1JR
  • Email us: DATAPRT@aviva.com

If you’re not happy with the way we’re handling your Personal Information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioner's Office (ICO). We ask that you please attempt to resolve any issues with us before contacting the ICO.


Changes to this Privacy Policy

This Privacy Policy was published and updated on 13 Marc 2024.

This Privacy Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible, so please check back here for the current version.


Aviva's dedicated site for UK Intermediaries only. Not for use with customers, if you're a customer please go to aviva.co.uk